package com.mhkj.base.rbac.user.controller;

import javax.annotation.Resource;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

import org.apache.shiro.SecurityUtils;
import org.apache.shiro.authc.AuthenticationException;
import org.apache.shiro.authc.ExcessiveAttemptsException;
import org.apache.shiro.authc.IncorrectCredentialsException;
import org.apache.shiro.authc.LockedAccountException;
import org.apache.shiro.authc.UnknownAccountException;
import org.apache.shiro.authc.UsernamePasswordToken;
import org.apache.shiro.subject.Subject;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.stereotype.Controller;
import org.springframework.util.StringUtils;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.ResponseBody;

import com.google.gson.Gson;
import com.google.gson.GsonBuilder;
import com.mics.core.common.componet.ResponseMessage;
import com.mics.core.common.constant.Constants;
import com.mics.core.redis.util.RedisUtil;
import com.mics.core.system.organizational.bean.Employee;
import com.mics.core.system.organizational.service.PermissionService;
import com.mics.core.system.rbac.entity.User;

/**
 * 登陆
 * @author mics
 * @date 2018年5月16日
 * @version 1.0
 */
@Controller
public class LoginController {
	@Resource
	private PermissionService permissionService;
	

	@Autowired
	RedisUtil redisUtil;
	/**
	 * 登陆页面
	 * @author mics
	 * @date 2018年5月18日
	 * @version 1.0
	 */
	@RequestMapping("/")
	public String loginPage(){
		return "index";
	}
	
	
	@RequestMapping("/login")
	@ResponseBody
	public ResponseMessage login(User user,String validateCode,HttpServletRequest request,HttpServletResponse response ){
        String result = permissionService.getUserByLoginNameAndPassword(user.getUsername(), user.getPassword());
        Gson gson = new GsonBuilder().create();
        Employee userTemp = gson.fromJson(result, Employee.class);
        if(StringUtils.hasText(userTemp.getId())){
    		UsernamePasswordToken token = new UsernamePasswordToken(userTemp.getLoginName(), "0000"); 
            Subject currentUser = SecurityUtils.getSubject();  
            try{
            	currentUser.login(token);
            	request.getSession().setAttribute(Constants.CURRENT_USER, userTemp);
          		return ResponseMessage.createMessage(true, result);
            }catch(UnknownAccountException uae){  
   			 return ResponseMessage.createMessage(false, "请登录!");
           }catch(IncorrectCredentialsException ice){  
   			 return ResponseMessage.createMessage(false, "用户名或密码不正确!");
           }catch(LockedAccountException lae){  
   			 return ResponseMessage.createMessage(false, "账户已锁定!");
           }catch(ExcessiveAttemptsException eae){  
   			 return ResponseMessage.createMessage(false, "用户名或密码错误次数过多!");
           }catch(AuthenticationException ae){  
   			 return ResponseMessage.createMessage(false, "用户名或密码不正确!");
           }  
            
        }else{
      		return ResponseMessage.createMessage(false, "用户名或者密码错误！");
        }
        
	}
	
	/**
	 * 验证是否登录
	 * @param sessionid
	 * @param request
	 * @param response
	 */
	public void isLogin(String sessionid,HttpServletRequest request,HttpServletResponse response) {
		request.getSession().setAttribute(Constants.CURRENT_USER, redisUtil.getHash("spring:session:sessions:"+sessionid, "sessionAttr:sessionUser"));

	}
	
}
